Re: Winnt/Win2k Vuln ?

From: Meritt James (meritt_jamesat_private)
Date: Fri Aug 10 2001 - 12:15:36 PDT


    Think that is scary?  I cannot speak for the current browser, but
    previous versions bypassed a lot of the NT security features.  This happens
    when the browser is made an integral part of the OS, for legal
    reasons and with apparently little concern for security ones.
    
    martin.goudreaultat_private wrote:
    > 
    > Scary...
    > 
    > I tried it with Win2K SP2 and it works! Also, tried it with an exec file (renamed
    > to WWW.TEST.COM) and the file executed, no questions asked! Tried it with a valid
    > (and verified) URL name (www.novell.com) and guess what? Same results!
    > 
    > Can potentially be harmful.
    > 
    > Martin Goudreault
    > Senior Systems Support
    > Bombardier - AeroSpace
    > St-Laurent, Qc, Canada
    > 514-855-5001 x55488
    > 
    > "Red Pantz" <redpantzat_private> on 08/08/2001 05:17:40 PM
    > 
    > To:   vuln-devat_private
    > cc:    (bcc: Martin Goudreault/Canadair/Bombardier)
    > Subject:  Winnt/Win2k Vuln ?
    > 
    > Hello all,
    > 
    > I have found that if you name a file (can be any data file) a certain URL, on
    > your desktop, and then go to IE and type that URL, the web site will not come
    > up, only the program that was named the certain URL. Confusing?
    > 
    > i.e.
    > 
    > - copy autoexec.bat to ..\desktop
    > - rename autoexec.bat to www.google.com (can be any url)
    > - then go to IE and type "www.google.com"
    > - your batch file is then run
    > 
    > A few issues I have with this are:
    > 
    > - the prog will only run if it is on your desktop
    > - if you type "http://www.google.com", for example,
    >   it will not run (unless you name your file the same thing)
    > - it has only been tested on Win2k SP1, Winnt 4.0 SP6a w/ IE 5.5
    > - it doesn't seem to have any privilege escalation (all progs are run as the
    >   current user logged on)
    > 
    > Just want a few others to try it and see what they think
    > 
    > thanks a lot
    > redpantz
    > 
    > ------------------------------------------------------------
    > [- Get your own free e-mail @ http://www.crackdealer.com -]
    > 
    
    -- 
    James W. Meritt, CISSP, CISA
    Booz, Allen & Hamilton
    phone: (410) 684-6566
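The thread describes files on the desktop whose names look like host names (www.google.com, WWW.TEST.COM, www.novell.com) being run by IE in place of the site. The check an administrator would want is a scan of a user's Desktop for exactly that kind of name. The script below is an added example, not code from anyone in this thread: it flags file names that parse as a host name under a small, assumed set of classic top-level domains, and additionally marks those whose "TLD" is also a Windows executable extension (.com, .exe, .bat, .cmd), which is why a renamed executable called WWW.TEST.COM both looks like a URL and runs as a program. The sample listing is constructed; the TLD list and the name heuristic are assumptions, not an exhaustive rule.

```python
import os
import re

# Default Windows executable extensions (from the stock PATHEXT set).
# ".com" is also a top-level domain, so a file named like a .com host
# already carries an executable extension.
EXECUTABLE_EXTENSIONS = {".com", ".exe", ".bat", ".cmd"}

# Assumed, deliberately small TLD set for the heuristic (not exhaustive).
KNOWN_TLDS = {"com", "net", "org", "edu", "gov", "mil", "int"}

# One or more DNS labels followed by a short alphabetic final label.
HOSTNAME_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+([a-z]{2,6})$",
    re.IGNORECASE,
)


def classify_name(name):
    """Return None for a harmless file name, else a short reason string."""
    match = HOSTNAME_RE.match(name)
    if not match or match.group(1).lower() not in KNOWN_TLDS:
        return None
    ext = os.path.splitext(name)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return "hostname-like name with executable extension"
    return "hostname-like name"


def find_url_lookalikes(names):
    """Reduce a directory listing to (name, reason) pairs worth looking at."""
    hits = []
    for name in names:
        reason = classify_name(name)
        if reason:
            hits.append((name, reason))
    return hits


def scan_desktop(path=None):
    """Scan the current user's Desktop (or a given directory) for lookalikes.

    A missing or unreadable directory yields an empty result rather than
    an exception, so the check can be run across many profiles in a loop.
    """
    if path is None:
        path = os.path.join(os.path.expanduser("~"), "Desktop")
    try:
        names = [entry.name for entry in os.scandir(path) if entry.is_file()]
    except OSError:
        return []
    return find_url_lookalikes(names)


# Constructed sample listing mirroring the names used in the thread,
# plus a non-.com host and two ordinary documents as negatives.
SAMPLE_DESKTOP = [
    "www.google.com",   # the original report's renamed autoexec.bat
    "WWW.TEST.COM",     # the renamed executable from the follow-up
    "notes.txt",
    "report.doc",
    "www.novell.com",
    "www.example.org",  # hostname-like, but .org is not an executable extension
]

if __name__ == "__main__":
    for name, reason in find_url_lookalikes(SAMPLE_DESKTOP):
        print(f"{name}: {reason}")
    for name, reason in scan_desktop():
        print(f"[live desktop] {name}: {reason}")
```

Run it as the affected user; anything it reports on the live Desktop is a file that the thread's technique could substitute for a typed address, and the "executable extension" hits are the ones that will run as a program rather than open in a viewer.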
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 12:31:14 PDT